Is the Use of Malware Out of Date?
Cyber criminals have been using malware to cause data breaches and steal credentials for almost as long as computers have been capable of running it. The first known malware, created in 1982, targeted the Apple LLC’s operating system and was attached to a game. It was called Elk Cloner and spread by copying itself onto the discs inserted into an infected system. That was almost 35 years ago, and the world has changed significantly since then. Technology has evolved on both sides of the digital battlefront: security companies are producing new and improved firewalls, and cyber criminals are inventing their own devious ways to stay a step ahead of them.
Is malware still the weapon of choice for hackers who steal credentials, or has it become outdated? Has it been replaced by new classes of software that are far more dangerous, much harder to trace and nearly impossible to prevent? Let’s look at some of the biggest and most widely known destructive cyber attacks of the last decade and the classes of software responsible for them.
- The Central Bank of Bangladesh had $81 million stolen in February 2016, when hackers used “FAREIT,” a new strain of malware, to harvest the banking credentials.
- Hackers stole almost 100 terabytes of sensitive information from Sony during 2014 (an attack blamed on North Korea) using malware. The damage could have run into several billion dollars.
- Seventy-seven million account details were stolen from Sony in 2011 using malware, with damages in excess of $1 billion.
- Heartland Payment Systems was breached in 2008, again by malware, and 134 million card details were stolen, costing the company in excess of $140 million.
Stolen credentials are still big business. The ways they are used are still not fully understood, because their utility is limited only by the ingenuity of the hacker. Credit and debit card details and financial records appear to be the most lucrative type of data, but seemingly useless records such as medical records are also big business. When these records are stolen, the victims usually do not notice, and the theft can go undetected for years. The criminals use this data to craft even more sophisticated malware attacks.
Most PoS data theft still starts with malware. Some unsuspecting soul clicks on a seemingly familiar attachment in an innocuous-looking e-mail, and malware is downloaded to create a foothold for the attacker. The attacker stays quiet and moves through the network towards the PoS terminals, staying dormant all the while. When this first-stage malware is able to reach the PoS terminals, it installs the master malware on them. That software then copies payment card data from the PoS terminals and sends it to servers controlled by the criminals.
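The last step of that chain, card data leaving a PoS host for a server the criminals control, is also where a defender can catch it. The following is an added example, not code from the article or any product it mentions: it scans an outbound payload for magnetic-stripe track-2 records, keeps only Luhn-valid PANs so random digit runs do not alert, and flags the flow when the destination is not an approved payment processor. The sample payload, the destination address and the allow-list are constructed for the example.

```python
import re

# Track-2 layout as read from a card's magnetic stripe:
# start sentinel ';', 13-19 digit PAN, field separator '=', expiry YYMM,
# service code and discretionary data, end sentinel '?'.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{0,30})\?")


def luhn_valid(pan: str) -> bool:
    """Luhn mod-10 check: separates real PANs from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_track2(blob: bytes) -> list:
    """Return Luhn-valid track-2 records found in blob, with the PAN masked."""
    hits = []
    for m in TRACK2_RE.finditer(blob.decode("latin-1", errors="replace")):
        pan, expiry = m.group(1), m.group(2)
        if luhn_valid(pan):
            masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]
            hits.append({"pan_masked": masked, "expiry": expiry})
    return hits


def exfil_alert(dst_host: str, payload: bytes, allowed_hosts: set) -> bool:
    """Alert when track data leaves towards a host outside the processor allow-list."""
    return dst_host not in allowed_hosts and bool(find_track2(payload))


# Constructed sample: the well-known test PAN 4111111111111111 (Luhn-valid)
# followed by a non-Luhn digit run that must not produce a hit.
SAMPLE = b";4111111111111111=2512101123456789?;1234567890123456=2501?"

if __name__ == "__main__":
    # 203.0.113.5 is a documentation address; processor.example is a placeholder.
    print(find_track2(SAMPLE))
    print(exfil_alert("203.0.113.5", SAMPLE, {"processor.example"}))
```

In practice the same scan would run on memory dumps or proxy logs from PoS hosts, and the allow-list would hold the acquirer's real endpoints.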
Malware is also amongst the fastest-evolving hacking software. The number of new unique malware codes was up 36 percent in 2015. It is also the most widespread type of cyber threat, accounting for 97 percent of threats reported in 2014. Moreover, it has the widest possible attack surface in the form of websites. We are becoming increasingly digital in all our transactions – banking, shopping, bill payments, information seeking and many more – and almost anything we can think of today is related to websites in one form or another. This attack surface grows every year. According to a report released by Symantec, 75 percent of legitimate websites have vulnerabilities that expose their visitors to cyber criminals adept at using malware.
Of the 271 U.S. organizations surveyed by Rapid7 in 2015, 90 percent were concerned about the use of stolen credentials to enable cyber attacks, highlighting the fact that stolen credentials are still considered a huge threat.
According to Rapid7’s 2015 state of incident detection and response survey, 60 percent of organizations could not detect the use of compromised credentials, and 48 percent said that detecting attacks based on stolen credentials was their topmost priority.
Companies are increasingly using cloud services, and they seldom keep track of them, which makes things more difficult. In fact, data from the Cloud Security Alliance indicates that companies typically underestimate their use of cloud services. In some cases the underestimate is huge, by as much as a factor of eight.
To further complicate matters, another report by Netskope, published in February 2016, found that enterprise cloud adoption is picking up and companies are using cloud-based apps like never before. On average, companies use 917 cloud-based applications. These apps are, however, not cloud ready, because they lack important security features such as the ability to remediate vulnerabilities. They can also be laced with seriously harmful malware such as Trojans, viruses and spyware. Unsanctioned apps usually make up the greatest part of the whole cloud-based application footprint (some estimates say around 95 percent), so the scope of cloud-based malware may be far higher than any research has been able to find out.
Malware use is very much up to date, and stolen credentials are being used in more nefarious ways than ever before. Companies still consider malware and credential theft a serious cyber security threat. This one threat has moved with the times, grown in sophistication and evolved to match the adoption of new platforms. Growing technology and new platforms only exacerbate a threat whose vulnerabilities and threat vectors we do not yet fully understand.
About the Author:
Renin has over nine years of rich experience across all areas of Information Security, Enterprise Risk Management, Telecom Security, Technology Risk Management and Regulatory Compliance. Renin is operating under a practice role where he is involved in providing Security Solutions and carrying out Security Assessments for Happiest Minds customers.
Edited by Alicia Young